> This is not secure. The master secret is derived from data
> transmitted in clear and the premaster secret, which is just the
> result of the DH exchange, which *can* be influenced by an attacker in
> a way such that the client and server agree on its value and the
> attacker knows it too.

Really? How are you guys calculating the master secret from the DH
exchange?

IPSEC IKE does an anonymous DH exchange, and then the DH shared key is
authenticated under the DH exchange using Certificates (or Kerberos, if
you're Microsoft). This kind of thing *can* work, if you're using
normal DH, which is what I thought TLS was using. I'm not an
expert about TLS, but I *am* sure that's how IPSEC works. (I'm one of
the wg chairs for IPSEC. :-)

- Ted

P.S. I'm currently at Linux World, so my e-mail latency may be higher
than normal.